Maybe use a different c****l version? The first one I used wouldn’t work. The second one did.
I got my first shell using the PIN.
There may be multiple ways to get the initial shell.
Can you give me a hint where you found the creds? I’m stuck on the pivot.
Been on this box for hours with no foothold. I have looked at every file and hidden folders downloaded. I just simply do not know how to apply my findings to get an L** or Reverse. Please help me in DMs.
There’s only 1 file that contains code that relates to the local file inclusion/path traversal vulnerability. Figuring out how to exploit is another step but you can find information on sites like HackTricks that can guide you in the right direction for that.
If you read the downloaded code to find the LFI vulnerability, then you already have access to the credentials.
V**** py file? Or the one with sanitization for file names
Just don’t break the app I guess
Hi. I’m a newbie - especially in web security. As people say - Rome wasn’t built in a week.
I am having problems with this machine - this is my first one and I cannot hide my incompetence in web security. I cannot even obtain r** s**** from the L** and P*** T******* vulnerability in the Python engine of the web app. Could someone give me a hint in DM? Cheers
I know I’m probably going to cause some debate on this one, but I’m pretty sure L** isn’t really required. I think someone said it early on and it got more traction than it really deserved. I’d say this is more a case of patching in order to gain RCE. The answers you seek are all in the opensource download.
The LFI is pretty nice when reading the files, but as far as I see the PIN in /console can be found. Spent yesterday on the LFI and searching how to further exploit it into RCE… nothing so far. If anyone has a great hint for me, can you DM me please?
Meanwhile I will try to get the PIN in /console.
3 days on it, and I’m starting to get desperate ahahahah. I’m not very experienced, but isn’t it supposed to be easy?
I’d say lengthy, but still on the easy end. Again, everything needed to gain foothold is in that download.
Edit… actually something that is making this box killer is that it is out in genpop! When it was in release arena it was easy, but now the application is getting beaten so badly it fails to operate and a box reset is required.
I haven’t done enough boxes to really be sure of the difficulty, but it felt relatively hard for an “easy” box. Obviously there will be a range for each of these broad classifications, but there were a few things that I found really hard to gather concrete information on. Perhaps my Googlefu is lacking (actually, it most assuredly is :).
I agree with M3rlin on the box needing to be reset if you are really, really struggling. Once I reset it, things went much smoother for the final hurdle.
It took me a few days to get a foothold (sheesh) but after that things went a little better. For me the foothold was just kind of weird. I’d imagine it is a lack of experience with non-standard L** AND poor coding skills as I couldn’t figure out exactly how to modify my B*** info (for me it was absolutely a must to see things in B*** as it helped lead me down the right path, etc). I guess I just need to learn more, big surprise haha. Especially coding (man, I’m terrible at coding). Any recommendations for Python courses out there?
Can you DM me?
I would like to discuss it more with you if possible.
There are at least 2 paths to foothold.
Besides the normal path totally given in downloads, someone successfully calculated P*N via info leak through L**, then got foothold via console.
Aaaaah I see, thanks tec. Bruting the p*n or attempting to gain L** with a view to gaining info for the same did cross my mind but the ‘other way’ seemed like the easier path so I stayed on it. I may go back and explore the other paths now. Cheers!
…and rooted. Fun box. Overall I would say that it is an easy box, but quite lengthy, or maybe I just went about enumerating in an odd order lol.
Do you have any tips for foothold?
The knowledge you need for foothold is in the download. I think tec’s hint about the LFI will also be in there.